Re:

[roger nebel <roger () homecom com>]

Rick,

We typically recommend that a web server that will access a database be
alone on a dmz, or third, separate interface off the firewall with
separate rules for internet access to the web server and backside access
to / from the db which is behind the internal interface.  As always, you
should start with the business goals for the site, define the
requirements, assess your environment and assets (how sensitive is the
db info?), develop an appropriate policy, design an architecture which
securely meets your needs within your budget, and then develop effective
procedures to operate what you deploy.  Your best practices may be
different.  Any of the three methods you mention below will work given
adequate policy, technology, people, resources, and management support.  

good luck, roger  

Rick Horne wrote:
> Hello,
>         I'm looking for information on the best way to allow our web server to
> access an internal database.  We are beginning an Internet commerce
> site.  I've heard of several techniques:
> 1) The web server has wrapper/stub cgi programs that call cgi routines
> on a second external box that has permission to cross the firewall
> (a.k.a. a cgi reflector)
> 2) Move the web server inside and proxy it out to the Internet.
> 3) Export database to external server and allow web server to hit that
> db.
>
> I know that many thousands of companies are doing commerce but I've been
> unable to find a best practices document or other such info.
>
> Thanks in advance for any comments, info, or pointers to where I can
> find some info.
>
> Rick
>
> ______________________________________________________
> Get Your Private, Free Email at http://www.hotmail.com